Hi All,
I’m trying to create a Network Load Balancer with access logs enabled, but I face an Access Denied error. I don’t face any errors while creating ALB resources. Can anyone assist here, please?
│ Error: failure configuring LB attributes: ValidationError: Access Denied for bucket: nlb-bucket-123456789. Please check S3bucket permission
│ status code: 400, request id: d13fad3b-f57e-4f9b-92e0-64d95cadf520
│
│ with aws_lb.nlb,
│ on main.tf line 85, in resource "aws_lb" "nlb":
│ 85: resource "aws_lb" "nlb" {
Here’s my Terraform code:
resource "aws_lb" "nlb" {
  name               = local.full_name
  subnets            = var.subnet_ids
  internal           = var.internal
  load_balancer_type = "network"
  tags               = var.tags

  access_logs {
    bucket  = aws_s3_bucket.access_logs.bucket
    prefix  = ""
    enabled = var.log_access_logs_to_s3
  }
}
Here’s my S3 bucket policy. Please note I have S3 resources in the main.tf file, but they are not included here.
data "aws_iam_policy_document" "this_aws_s3_iam_policy_document" {
  statement {
    effect = "Allow"

    principals {
      identifiers = [data.aws_elb_service_account.this_aws_elb_service_account.arn]
      type        = "AWS"
    }

    actions = [
      "s3:PutObject"
    ]

    resources = [
      "${aws_s3_bucket.access_logs.arn}/*"
    ]
  }
}
Thanks
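The bucket policy in the question grants the regional ELB service account (`aws_elb_service_account`), which is the principal that writes ALB and Classic Load Balancer access logs. Network Load Balancer access logs are written by the AWS log-delivery service instead, so the ELB validation call fails with "Access Denied for bucket" when that service principal is missing from the bucket policy. The following is an added example (not the original poster's code and not from any project) of a bucket policy shaped for NLB log delivery. It assumes an existing `aws_s3_bucket.access_logs` resource, a configured AWS provider, and the same account for the bucket and the load balancer; the resource names `nlb_access_logs` and the `aws_caller_identity` data source are choices made for the example.

```hcl
# Added example, not the poster's code. Assumes aws_s3_bucket.access_logs
# already exists and that the NLB lives in the same account as the bucket.

data "aws_caller_identity" "current" {}

# NLB access logs are delivered by delivery.logs.amazonaws.com, not by the
# regional ELB service account used for ALB / Classic LB logs.
data "aws_iam_policy_document" "nlb_access_logs" {
  # The delivery service first reads the bucket ACL to confirm ownership.
  statement {
    sid    = "AWSLogDeliveryAclCheck"
    effect = "Allow"

    principals {
      type        = "Service"
      identifiers = ["delivery.logs.amazonaws.com"]
    }

    actions   = ["s3:GetBucketAcl"]
    resources = [aws_s3_bucket.access_logs.arn]

    # Confused-deputy guard: only honour deliveries originating in this account.
    condition {
      test     = "StringEquals"
      variable = "aws:SourceAccount"
      values   = [data.aws_caller_identity.current.account_id]
    }
  }

  # Log objects are written under AWSLogs/<account-id>/ beneath the configured
  # prefix. The question uses prefix = "", so the key path starts at AWSLogs/;
  # with a non-empty prefix, insert it between the bucket ARN and AWSLogs.
  statement {
    sid    = "AWSLogDeliveryWrite"
    effect = "Allow"

    principals {
      type        = "Service"
      identifiers = ["delivery.logs.amazonaws.com"]
    }

    actions = ["s3:PutObject"]
    resources = [
      "${aws_s3_bucket.access_logs.arn}/AWSLogs/${data.aws_caller_identity.current.account_id}/*"
    ]

    # Require the writer to hand object ownership to the bucket owner, so the
    # log files are readable by the account that owns the bucket.
    condition {
      test     = "StringEquals"
      variable = "s3:x-amz-acl"
      values   = ["bucket-owner-full-control"]
    }

    condition {
      test     = "StringEquals"
      variable = "aws:SourceAccount"
      values   = [data.aws_caller_identity.current.account_id]
    }
  }
}

# Attach the policy to the bucket; aws_lb.nlb should depend on this resource
# (directly or through depends_on) so the policy exists before the LB is
# created and its access-log attributes are validated.
resource "aws_s3_bucket_policy" "nlb_access_logs" {
  bucket = aws_s3_bucket.access_logs.id
  policy = data.aws_iam_policy_document.nlb_access_logs.json
}
```

Two checks worth doing after `terraform apply`: confirm the bucket policy shows the `delivery.logs.amazonaws.com` principal with the `s3:GetBucketAcl` and scoped `s3:PutObject` grants, and remember that an NLB only produces access logs for TLS listeners, so an empty `AWSLogs/` prefix on a load balancer with only TCP listeners is expected behaviour rather than a permissions problem.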